A few issues fixed: http://php.net/ChangeLog-5.php#5.6.36
wrong topic. It should have been "new php 5.6.36 available"
CC: (none) => flinkEver confirmed: 1 => 0Status: NEW => UNCONFIRMED
Summary: new php 5.3.36 available => new php 5.6.36 available
Suggested advisory: ======================== Updated php packages fix security vulnerabilities: - Heap Buffer Overflow (READ: 1786) in exif_iif_add_value (CVE-2018-10549) - Stream filter convert.iconv leads to infinite loop on invalid sequence (CVE-2018-10546) - Malicious LDAP-Server Response causes Crash. (CVE-2018-10548) - incomplete PHAR Fix (CVE-2018-10547) References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10547 ======================== Updated packages in core/updates_testing: ======================== php-ini-5.6.36-1.mga6 apache-mod_php-5.6.36-1.mga6 php-cli-5.6.36-1.mga6 php-cgi-5.6.36-1.mga6 libphp5_common5-5.6.36-1.mga6 php-devel-5.6.36-1.mga6 php-openssl-5.6.36-1.mga6 php-zlib-5.6.36-1.mga6 Wrote: /home/iurt/rpmbuild/RPMS/noarch/php-doc-5.6.36-1.mga6.noarch.rpm php-bcmath-5.6.36-1.mga6 php-bz2-5.6.36-1.mga6 php-calendar-5.6.36-1.mga6 php-ctype-5.6.36-1.mga6 php-curl-5.6.36-1.mga6 php-dba-5.6.36-1.mga6 php-dom-5.6.36-1.mga6 php-enchant-5.6.36-1.mga6 php-exif-5.6.36-1.mga6 php-fileinfo-5.6.36-1.mga6 php-filter-5.6.36-1.mga6 php-ftp-5.6.36-1.mga6 php-gd-5.6.36-1.mga6 php-gettext-5.6.36-1.mga6 php-gmp-5.6.36-1.mga6 php-hash-5.6.36-1.mga6 php-iconv-5.6.36-1.mga6 php-imap-5.6.36-1.mga6 php-interbase-5.6.36-1.mga6 php-intl-5.6.36-1.mga6 php-json-5.6.36-1.mga6 php-ldap-5.6.36-1.mga6 php-mbstring-5.6.36-1.mga6 php-mcrypt-5.6.36-1.mga6 php-mssql-5.6.36-1.mga6 php-mysql-5.6.36-1.mga6 php-mysqli-5.6.36-1.mga6 php-mysqlnd-5.6.36-1.mga6 php-odbc-5.6.36-1.mga6 php-opcache-5.6.36-1.mga6 php-pcntl-5.6.36-1.mga6 php-pdo-5.6.36-1.mga6 php-pdo_dblib-5.6.36-1.mga6 php-pdo_firebird-5.6.36-1.mga6 php-pdo_mysql-5.6.36-1.mga6 php-pdo_odbc-5.6.36-1.mga6 php-pdo_pgsql-5.6.36-1.mga6 php-pdo_sqlite-5.6.36-1.mga6 php-pgsql-5.6.36-1.mga6 php-phar-5.6.36-1.mga6 php-posix-5.6.36-1.mga6 php-readline-5.6.36-1.mga6 php-recode-5.6.36-1.mga6 php-session-5.6.36-1.mga6 php-shmop-5.6.36-1.mga6 php-snmp-5.6.36-1.mga6 php-soap-5.6.36-1.mga6 php-sockets-5.6.36-1.mga6 php-sqlite3-5.6.36-1.mga6 php-sybase_ct-5.6.36-1.mga6 php-sysvmsg-5.6.36-1.mga6 php-sysvsem-5.6.36-1.mga6 php-sysvshm-5.6.36-1.mga6 php-tidy-5.6.36-1.mga6 php-tokenizer-5.6.36-1.mga6 php-xml-5.6.36-1.mga6 php-xmlreader-5.6.36-1.mga6 php-xmlrpc-5.6.36-1.mga6 php-xmlwriter-5.6.36-1.mga6 php-xsl-5.6.36-1.mga6 php-wddx-5.6.36-1.mga6 php-zip-5.6.36-1.mga6 php-fpm-5.6.36-1.mga6 phpdbg-5.6.36-1.mga6 php-debuginfo-5.6.36-1.mga6 Source RPMs: php-5.6.36-1.mga6.src.rpm
Assignee: php => qa-bugs
As usual it's a security update. Mageia 5 build also added: php-5.6.35-1.mga5.src.rpm Marc, be careful when you update a version, if you do the mgarepo co and don't allow it to download the old source fully (which is fine, I usually don't), when you do mgarepo sync -d it will download the new source but it won't remove the old one from SOURCES/sha1.lst. You have to do "mgarepo del SOURCES/php-5.6.35.tar.xz" or just remove it from SOURCES/sha1.lst manually. I cleaned it up for mga6.
Ever confirmed: 0 => 1Status: UNCONFIRMED => NEWWhiteboard: (none) => MGA5TOOQA Contact: (none) => securityComponent: RPM Packages => Security
thanks David, I'll push mga5 too. Btw. how long do we support mga5? I thought it we've dropped the support.
I already pushed the Mageia 5 build. It's not officially supported anymore, but I'm unofficially supporting a limited set of packages.
Installed and tested without issues. Tested using several small and large scripts (e.g. drupal, wordpress, custom scripts). Also did some PHP debugging and PHP scripts unit tests. All good. System: Mageia 6, x86_64, Intel CPU. $ uname -a Linux marte 4.14.38-desktop-1.mga6 #1 SMP Mon Apr 30 13:15:08 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep php | sort apache-mod_php-5.6.36-1.mga6 lib64php5_common5-5.6.36-1.mga6 php-cli-5.6.36-1.mga6 php-ctype-5.6.36-1.mga6 php-curl-5.6.36-1.mga6 php-dom-5.6.36-1.mga6 php-filter-5.6.36-1.mga6 php-ftp-5.6.36-1.mga6 php-gd-5.6.36-1.mga6 php-gettext-5.6.36-1.mga6 php-hash-5.6.36-1.mga6 php-ini-5.6.36-1.mga6 php-intl-5.6.36-1.mga6 php-json-5.6.36-1.mga6 php-mbstring-5.6.36-1.mga6 php-memcached-2.2.0-2.mga6 php-mysqli-5.6.36-1.mga6 php-mysqlnd-5.6.36-1.mga6 php-openssl-5.6.36-1.mga6 php-pdo-5.6.36-1.mga6 php-pdo_mysql-5.6.36-1.mga6 php-pdo_pgsql-5.6.36-1.mga6 php-pdo_sqlite-5.6.36-1.mga6 php-phpmailer-5.2.24-1.1.mga6 php-posix-5.6.36-1.mga6 php-session-5.6.36-1.mga6 php-suhosin-0.9.38-1.mga6 php-sysvsem-5.6.36-1.mga6 php-sysvshm-5.6.36-1.mga6 php-timezonedb-2017.2-1.mga6 php-tokenizer-5.6.36-1.mga6 php-xdebug-2.4.0-1.mga6 php-xml-5.6.36-1.mga6 php-xmlreader-5.6.36-1.mga6 php-xmlwriter-5.6.36-1.mga6 php-zlib-5.6.36-1.mga6
Whiteboard: MGA5TOO => MGA5TOO MGA6-64-OKCC: (none) => mageia
My regular battery of tests passed on Mageia 5 x86_64. Looks good to go.
Whiteboard: MGA5TOO MGA6-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK
Advisory from comment 2 and bug RPMs list.
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0222.html
Status: NEW => RESOLVEDResolution: (none) => FIXED